Organizations today use cloud-based services to run their enterprise applications. In many cases, those applications require integration with internal backend systems that run in the organization's data center, such as an Enterprise Resource Planning (ERP) system. In such a hybrid cloud scenario, the cloud application typically requires the user to authenticate with their credentials, such as a username and password, biometric information, and/or other credentials. Verification of the user's credentials is usually delegated to a trusted identity provider (IDP) that manages the user's account, e.g., a corporate IDP such as the organization's user directory. A common, standardized protocol for delegating authentication to the IDP is the Security Assertion Markup Language (SAML) 2.0.